CVE-2024-57439 – com.ruoyi:ruoyi
Package
Manager: maven
Name: com.ruoyi:ruoyi
Vulnerable Version: >=0 <=4.8.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00264 (percentile: 0.49647)
Details
RuoYi vulnerable to Denial of Service by attackers with admin privileges

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.
Metadata
Created: 2025-01-29T15:31:35Z
Modified: 2025-01-29T19:20:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-qq5h-rjj9-q9qg/GHSA-qq5h-rjj9-q9qg.json
CWE IDs: ["CWE-281"]
Alternative ID: GHSA-qq5h-rjj9-q9qg
Finding: F159
Auto approve: 1